Re: LDAP and authentication

[Quanah Gibson-Mount <quanah@stanford.edu>]

--On Monday, February 09, 2004 6:29 PM +0100 Matthijs 
<matthijs@cacholong.nl> wrote:
> # rootdn
> rootdn "uid=ldapadm,dc=cacholong,dc=nl"
> rootpw {KERBEROS}ldapadm@CACHOLONG.NL


Is uid=ldapadm an entry in your DB?  In our setup, our rootdn is something 
entirely different that we actually never use on the master. ;)  If your 
"uid=ldapadm" bit is an entry in your LDAP db, with its userPassword entry 
in the DB as well, you should be able to comment out the rootpw line, and 
change your rootdn to something else... we have 
rootdn="cn=manager,dc=stanford,dc=edu", which has a minimal entry in our DB:

dn: cn=manager,dc=stanford,dc=edu
objectClass: organizationalRole
cn: manager


Also, I believe the use of {KERBEROS} was deprecated in later 2.1 versions, 
and should be replaced with {SASL} (but I could be wrong).

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/TSS/Computing Systems
ITSS/TSS/Infrastructure Operations
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html